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DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicants submission filed on 09/19/2005 has been entered. 

2. Claims 1-4, 43-46,and 90-103 have been examined. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-3, 43-45 and 90 are rejected under 35 U.S.C. 102(e) as being anticipated by 
U.S. Patent No. 6263446 to Kausik et al. 

Referring to claim 1, Kausik et al. disclose receiving at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user (see claim 30 (b) - transmitting, to said requestor, a 
challenge), receiving a response from the user based upon said challenge (see claim 30 (c) - 
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receiving an answer to said challenge), processing said response to verify an instrument (see 
claim 30 (d) - determining that said answer satisfies said challenge & claim 34- the instrument is 
interpreted as a digital wallet), providing at least a portion of said assembled credentials to said 
user (see claim 30 (e) transmitting said authentication credential for said requestor and claim 32 
- said credential is a private key), receiving, at a second server (i.e. access control server), a 
second request from said user, said second request including said portion of said assembled 
credentials provided to said user, and validating at said second server, said portion of said 
assembled credentials provided to said user with said key of said assembled credentials to 
provide access to a transaction service (see col. 3, lines 43-49 & 61-63). As for assembling 
credentials for the transaction at said first server, said credentials comprising at least one key, 
this is an inherent step. Notice, Kausik et al. the authentication credential is in existence at said 
server prior to the request (see claim 30, (a) (i)), which implies that the credential has been 
created. Claim 32 discloses a credential that is a private key. 

Referring to claims 2 and 44, Kausik et al. disclose the transaction is an electronic 
purchase transaction (see col. 3, lines 22-24). 

Referring to claims 3 and 45, Kausik et al. disclose the electronic purchase transaction is 
conducted using a digital wallet (see claim 34). 

Referring to claim 43, Kausik et al. disclose receiving, at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user (see claim 30 (b) - transmitting, to said requestor, a 
challenge), receiving a response from the user based upon said challenge (see claim 30 (c) - 
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receiving an answer to said challenge), processing said response to verify the user (see claim 30 
(d) - determining that said answer satisfies said challenge & claim 34- the instrument is 
interpreted as a digital wallet), providing at least a portion of said assembled credentials to said 
user (see claim 30 (e) transmitting said authentication credential for said requestor and claim 32 
- said credential is a private key), receiving, at a second server (i.e. access control server), a 
second request from said user, said second request including said portion of said assembled 
credentials provided to said user, and validating at said second server, said portion of said 
assembled credentials provided to said user with said key of said assembled credentials to 
provide access to a transaction service (see col. 3, lines 43-49 & 61-63). As for assembling 
credentials for the transaction at said first server, said credentials comprising at least one key, 
this is an inherent step. Notice, Kausik et al. the authentication credential is in existence at said 
server prior to the request (see claim 30, (a) (i)), which implies that the credential has been 
created. Claim 32 discloses a credential that is a private key. 

Referring to claim 90, Kausik et al. disclose receiving at a first server (i.e. credential 
server), a transaction request from a user for a transaction at a merchant server (see claim 30(a) - 
receiving from a requestor, over a network a request for a predetermined authentication 
credential), issuing a challenge to the user (see claim 30 (b) - transmitting, to said requestor, a 
challenge), receiving a response from the user based upon said challenge (see claim 30 (c) - 
receiving an answer to said challenge), processing said response to verify an instrument (see 
claim 30 (d) - determining that said answer satisfies said challenge & claim 34- the instrument is 
interpreted as a digital wallet), providing at least a portion of said assembled credentials to said 
user (see claim 30 (e) transmitting said authentication credential for said requestor and claim 32 
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- said credential is a private key), receiving, at a second server (i.e. access control server), a 
second request from said user indicating readiness to complete the transaction, said second 
request including said portion of said assembled credentials provided to said user, and validating 
at said second server, said portion of said assembled credentials provided to said user with said 
key of said assembled credentials to thereby permit processing and completion of said 
transaction (see col. 3, lines 43-49 & 61-63). As for assembling credentials for the transaction at 
said first server, said credentials comprising at least one key, this is an inherent step. Notice, 
Kausik et al. the authentication credential is in existence at said server prior to the request (see 
claim 30, (a) (i)), which implies that the credential has been created. Claim 32 discloses a 
credential that is a private key. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 4, 46 and 91-103 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kausik et al. as applied to claims 1 and 90 above, and further in view of U.S. Patent No. 6873974 
to Schutzer. 

Referring to claims 4, 96 and 101, Kausik et al. disclose an instrument (see claim 1 
above). Kausik et al. do not expressly disclose the instrument is a smart card. Schutzer discloses 
the instrument is a smart card (see col. 9, lines 16-24). At the time the invention was made, it 
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would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Kausik et al. to include an instrument that is a smart card. One of ordinary skill in the art would 
have been motivated to do this because smart cards are more secure than software wallets and 
they can be conveniently carried as the user roams (see Kausik et al. col. 1, lines 56-58). 

Referring to claim 46, Kausik et al. disclose a user conducts a transaction via a wallet 
(see claim 43 above). Kausik et al do not expressly disclose the user conducts the transaction 
via a smart card. Schutzer discloses the user conducts the transaction via a smart card (see col. 9, 
liens 16-24). At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the method disclose by Kausik et al. to include the step 
wherein the user conducts the transaction via a smart card. One of ordinary skill in the art would 
have been motivated to do this because smart cards are more secure than software wallets and 
they can be conveniently carried as the user roams (see Kausik et al. col. 1, liens 56-58). 

Referring to claim 91, Kausik et al. disclose a user, and second server (see claim 90 
above). Kausik et al. do not expressly disclose accessing required information associated with 
said user from said second server, populating one or more corresponding user purchase forms at 
said second server with said required information and said second server providing said 
populated user purchase forms and an authorization response message to a merchant for 
processing and completion of said transaction. Schutzer discloses accessing required 
information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction (see col. 2, lines 15-27). 
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At the time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to modify the method disclose by Kausik et al. to include the steps of accessing required 
information associated with said user from said second server, populating one or more 
corresponding user purchase forms at said second server with said required information and said 
second server providing said populated user purchase forms and an authorization response 
message to a merchant for processing and completion of said transaction. One of ordinary skill 
in the art would have been motivated to do this because it provides an electronic system that 
allows users to easily interact with merchants. 

Referring to claims 92, 93, 100 and 102, Kausik et al. disclose the transaction is an 
electronic purchase transaction and the transaction is a web-based purchase transaction (see col. 
3, lines 22-24). 

Referring to claims 94 and 95, Kausik et al. disclose the electronic purchase transaction is 
conducted using a digital wallet (see claim 34). 

Referring to claims 97 and 103, Kausik et al. disclose an electronic transaction system 
(see claim 91 above). Kausik et al. do not expressly disclose said required information includes 
user name, user address, shipping address, card number and payment amount. Schutzer disclose 
said required information includes user name, user address, shipping address, card number and 
payment amount (see abstract). At the time the invention was made, it would have been obvious 
to a person of ordinary skill in the art to modify the method disclose by Kausik to include said 
required information includes user name, user address, shipping address, card number and 
payment amount. One of ordinary skill in the art would have been motivated to do this because 
it provides an electronic system that allows users to easily interact with merchants. 
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Referring to claim 98, Kausik et al. disclose receiving at a first server (i.e. credential server), a 
transaction request from a user for a transaction at a merchant server (see claim 30(a) - receiving 
from a requestor, over a network a request for a predetermined authentication credential), issuing 
a challenge to the user (see claim 30 (b) - transmitting, to said requestor, a challenge), receiving 
a response from the user based upon said challenge (see claim 30 (c) - receiving an answer to 
said challenge), processing said response to verify an instrument (see claim 30 (d) - determining 
that said answer satisfies said challenge & claim 34- the instrument is interpreted as a digital 
wallet), providing at least a portion of said assembled credentials to said user (see claim 30 (e) 
transmitting said authentication credential for said requestor and claim 32 - said credential is a 
private key), receiving, at a second server (i.e. access control server), a second request from said 
user, said second request including said portion of said assembled credentials provided to said 
user, and validating at said second server, said portion of said assembled credentials provided to 
said user with said key of said assembled credentials to thereby permit processing and 
completion of said transaction (see col. 3, lines 43-49 & 61-63). As for assembling credentials 
for the transaction at said first server, said credentials comprising at least one key, this is an 
inherent step. Notice, Kausik et al. the authentication credential is in existence at said server 
prior to the request (see claim 30, (a) (i)), which implies that the credential has been created. 
Claim 32 discloses a credential that is a private key. Kausik et al. do not expressly disclose 
accessing required information associated with said user from said second server, populating, at 
said second server, one or more corresponding user purchase forms with said required 
information and said second server providing said populated user purchase forms and an 
authorization response message to a merchant for processing and completing said purchase 
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transaction. Schutzer discloses accessing required information associated with said user from 
said second server, populating one or more corresponding user purchase forms at said second 
server with said required information and said second server providing said populated user 
purchase forms and an authorization response message to a merchant for processing and 
completion of said transaction (see col. 2, lines 15-27). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to modify the method disclose by 
Kausik et al. to include the steps of accessing required information associated with said user 
from said second server, populating one or more corresponding user purchase forms at said 
second server with said required information and said second server providing said populated 
user purchase forms and an authorization response message to a merchant for processing and 
completion of said transaction. One of ordinary skill in the art would have been motivated to do 
this because it provides an electronic system that allows users to easily interact with merchants. 

Referring to claim 99, Kausik et al. disclose receiving said challenge at said instrument 
(see claim 30 (b) and claim 34 - transmitting, to said requestor, a challenge. . .said transmitting is 
to a digital wallet of a requestor), receiving said personal identifier (i.e. PIN) from said user, said 
instrument validating said personal identifier sand unlocking said instrument (see col. 5, lines 10- 
24, the user enters a Pin to unlock the wallet. . .the PIN is compared with a stored hash value. . .if 
the two hash values agree, the PIN is passed to decryption module... the decrypted private key is 
released for use), said instrument transmitting said response to said first server (see claim 30 (c)). 
As for the step of said instrument prompting said user for a personal identifier this is an inherent 
step. That is, before the user enters the PIN he must have previously been prompted for such 
entry. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is (571) 272-6714. The 
examiner can normally be reached on Mondays-Thursdays 8:30 - 7:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300 for Regular/After 
Final Actions and 571-273-6714 for Non-Official/Draft. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 



Commissioner of Patents and Trademarks 



P.O. Box 1450 
Alexandria, VA 22313-1450 




Jalatee* Worjloh 
Patent Examiner 
Art Unit 3621 



October 6, 2005 



